How Clipper Malware Attacks Crypto Wallets: Details
The crypto sector, currently worth over $2 trillion (approximately Rs. 1,70,32,400 crore), is under constant threat from malicious actors that are rapidly increasing in number across the globe. In a recent blog post, Binance warned about the ‘clipper malware’, which is being used by cybercriminals to manipulate transaction data and steal tokens. This information from Binance comes just days after the FBI revealed that crypto users lost over $5.6 billion (approximately Rs. 47,029 crore) to scams and fraud last year.
Understanding Clipper Malware
You may have noticed that when you copy something on your phone, the information is saved to the ‘clipboard’ so that you can easily paste it into another app. This clipboard is exactly what cybercriminals target with Clipper malware.
Crypto wallet addresses are usually a random combination of numbers and letters, which can be hard to remember. People often copy wallet addresses during transactions. According to Binance, the Clipper malware intercepts this data on the clipboard.
“When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with an address designated by the attacker. If the user completes the transfer without noticing the change, the cryptocurrency is sent to the attacker’s wallet, resulting in financial loss,” the blog mentioned.
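The replacement behaviour described above leaves a recognisable trace: an address on the clipboard is overwritten by a different address of the same type without the user copying anything new. The following detection sketch is an added example, not code from Binance or the original article; the event sources "user_copy" and "background_write", the 30-second window and the sample addresses are assumptions constructed for illustration.

```python
import re

# Common address shapes (format check only, no checksum validation).
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin_base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "bitcoin_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
}

def address_kind(text):
    """Return the address family the text looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events, window_seconds=30):
    """Flag clipboard writes where one address replaces another of the same
    family shortly after a user copy, with no new user copy in between."""
    alerts = []
    last_copy = None  # (timestamp, value, kind) of the last user-initiated copy
    for ts, source, value in events:
        kind = address_kind(value)
        if source == "user_copy":
            last_copy = (ts, value.strip(), kind)
            continue
        # Any other source: the clipboard changed without a user action.
        if last_copy is None or kind is None:
            continue
        copied_ts, copied_value, copied_kind = last_copy
        if (kind == copied_kind and value.strip() != copied_value
                and ts - copied_ts <= window_seconds):
            alerts.append({"at": ts, "family": kind,
                           "copied": copied_value, "now": value.strip()})
    return alerts

# Constructed sample events: (seconds, source, clipboard text)
SAMPLE_EVENTS = [
    (0, "user_copy", "meeting at 10am"),
    (5, "user_copy", "0x" + "a1" * 20),
    (6, "background_write", "0x" + "b2" * 20),   # address replaced
    (40, "user_copy", "0x" + "c3" * 20),
    (41, "background_write", "hello"),           # not an address, ignored
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```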
Members of the crypto community who use Android devices and web applications are at a higher risk of being attacked by the Clipper malware.
“Many users inadvertently install these malicious apps while searching for software in their native language or through unofficial channels, often due to restrictions in their country. iOS users should also remain vigilant,” the blog said.
The use of the Clipper malware to facilitate attacks reportedly peaked around August 27, 2024.
Suggested safety measures
Binance strongly advises crypto users to triple-check the wallet addresses they paste during transactions. To ensure the authenticity of apps and plugins, users should only download them from official sources. Additionally, crypto investors are encouraged to install security software on their devices that can detect and remove malware.
“Awareness is an important part of cybersecurity. To be extra safe, you can take a screenshot of the withdrawal address right before sending the payment and have the recipient verify it with a photo to eliminate the chance of text-altering malware,” Binance said.
Crypto exchanges and companies have meanwhile been asked to proactively identify and blacklist suspicious wallet addresses through regular internal audits.
Binance said that users who may have been affected by the malware are being contacted with relevant information. The exchange also said that it is gathering more information about malicious software and plugins that scammers are using to deploy the Clipper malware.
History of Recent Crypto App Hacks
In recent months, multiple hacks on crypto protocols have led to millions of dollars in losses. In July this year, Indian crypto exchange WazirX lost over $230 million (approximately Rs. 1,900 crore) after hackers compromised one of its multi-sig wallets. Users of the exchange continue to face financial pressure as the exchange faces a timeline of up to six months to finalize a financial restructuring plan.
Last week, Indonesian crypto exchange Indodax lost $22 million (approximately Rs. 184 crore) in an alleged hack, according to security firms SlowMist and Arkham, among others.
The FBI has warned crypto investors that North Korean hackers are also ramping up their activities and attacking the crypto space with advanced techniques that are difficult to identify and tackle in time.